Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.
The usual O'Reilly book is a kind of cook-book for accomplishing normal technical tasks, each recipe serving to illustrate broader technical principles. Millions of skilled technical people have followed the steps in O'Reilly books to master Perl and Ruby and Python, become master network administrators, or just master shell scripting.
Abusing the Internet of Things is structured just like one of those cookbooks, only the recipes explain the (relatively simple) steps you need to take to compromise everything from a smart lightbulb -- one recipe explains how to plunge a smart lighting system into permanent, irrevocable darkness -- to a smart baby-monitor (this was published months before a family in San Francisco woke to discover a griefer terrorizing their toddler through his bedside monitor) to a smart TV to -- what else? -- a smart car.
In so doing, Dhanjani -- who has presented widely on the subject, including an excellent talk at Black Hat Asia -- illustrates the utter shoddiness of IoT security, and incontrovertibly demonstrates the risks from bad information security when every corner of our homes is infiltrated by computers.
But this isn't just a cautionary tale. After walking the reader through a series of examples, complete with source-code and exercises for the student, Dhanjani flips the script, and uses all he's discussed to build a secure, smart doorbell that's connected to the public Internet, with security in it by design. The distance between the approach in this exercise and the approaches taken by the vendors Dhanjani outs as security bumblers is the clincher, the proof that the things you buy are broken because no one cared enough about them to make them hard to break.
Two final chapters sum up the scenarios for future IoT attacks, and dramatize the institutional processes that produce such poor quality devices for our consumption.
The book is written in a sprightly, writerly fashion, with many grace notes and interesting case studies -- including an account of how you could use someone's hacked email account to steal their Tesla automobile.
This book is a marvellous thing: an important intervention in the policy debate about information security and a practical text for people trying to improve the situation.
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts [Nitesh Dhanjani/O'Reilly]
(Image: "Activate the world" (or: what "mobile" really means), Mike, CC-BY)